1. Field of the Invention
The present invention is directed in general to implicit certificate systems and methods for operating same. In one aspect, the present invention relates to the methods, systems and devices for generating credentials and certificates for implicitly verifying a public key.
2. Description of the Related Art
In electronic commerce or other information transactions over the Internet and other secure infrastructure, there are increasing security requirements for participating or otherwise provisioning secure hardware which require expensive control processes to uniquely identify and provide the necessary credential to the participants or hardware. To meet this need, systems have been developed for providing large-scale distribution of public keys and public key certificates. Public-key certificates are a vehicle by which public keys may be stored, distributed or forwarded over unsecured media without danger of undetectable manipulation so at to make one party's public key available to others such that its authenticity and validity are verifiable. Public-key certificates use a data structure consisting of a data part and a signature part. The data part contains cleartext data including, as a minimum, a public key and a string identifying the party to be associated therewith. The signature part consists of the digital signature of a certification authority (CA) over the data part, thereby binding the entities identity to the specified public key. With this arrangement, the CA is a trusted third party whose signature on the certificate vouches for the authenticity of the public key bound to the subject entity. One approach for distributing public keys involves implicitly-certified public key schemes where an explicit user public key is reconstructed rather than transported by public-key certificates as in certificate-based systems. An example of an implicitly certified public key mechanism is the original Elliptic Curve Qu-Vanstone Certificate (ECQV) scheme presented in “SEC 4: Elliptic Curve Cryptography Working Draft” which contains a method for creating implicit certificates which provide implicit authentication when the certificate is used in conjunction with an operation requiring the sender to use the private key, such as in an ECDH, ECMQV or ECDSA operation. ECQV Certificates are generated between a requestor and a certificate authority (CA). Under the ECQV scheme, when a user requests an implicit certificate for a public key from a CA, this public key (and the private key) is a random result of the computations made by the user and the CA. This has the direct consequence that once a ECQV implicit certificate is issued, one cannot get another ECQV implicit certificate for the same public key from a different CA.
Accordingly, a need exists for an improved method, system and device for providing credentials to overcome the problems in the art, such as outlined above. Further limitations and disadvantages of conventional processes and technologies will become apparent to one of skill in the art after reviewing the remainder of the present application with reference to the drawings and detailed description which follow.